Oracle Fusion Middleware Evaluation Guide for Oracle Directory Server Enterprise Edition

Chapter 8 Synchronizing Directory Server With Windows Users and Groups

Identity Synchronization for Windows provides bidirectional password and user attribute synchronization between Directory Server and the Windows Active Directory or NT SAM registry. This chapter describes the key features of Identity Synchronization for Windows and covers the following topics:

Account Synchronization

Identity Synchronization for Windows synchronizes account creation, modification, inactivation, and deletion between Active Directory and Directory Server, or Windows NT and Directory Server. Using Identity Synchronization for Windows you can create, modify, and delete selected attributes or users accounts in one directory environment and propagate the changes automatically to the other directory environment.

Identity Synchronization for Windows enables you to control the flow of object deletions and object activations and inactivations between Directory Server and Windows.

You can use Identity Synchronization for Windows to synchronize data with multiple Active Directory and Windows NT domains and with multiple Active Directory forests. The centralized system auditing makes it possible for you to monitor installation and configuration status, day-to-day system operations, and any error conditions related to your deployment from a single, centralized location.

Group Synchronization With Active Directory

Identity Synchronization for Windows supports synchronization of user groups between Directory Server and Active Directory. You can map a group on Directory Server to either Domain Global Distribution, or to Domain Global Security on Active Directory.

For more information about group synchronization, see Configure Identity Synchronization for Windows to Detect and Synchronize Groups Related Changes between Directory Server and Active Directory in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide.

Failover Support for Multi-master Replicas

Identity Synchronization for Windows supports synchronizing users in a single replicated suffix.

Integrated Administration Server Support for Windows Synchronization

The installer might not find an existing Administration Server for the selected directory source on the local host. However, Identity Synchronization for Windows ships with Administration Server. When the installer does not find a local Administration Server, the installer adds the Administration Server at the specified Server Root location.

Where to Go From Here

To read more about the features presented in this chapter, refer to the following documentation.

Feature

Documentation

Deploying Identity Synchronization for Windows 

Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Using the Identity Synchronization for Windows command-line utilities 

Appendix A, Using the Identity Synchronization for Windows Command Line Utilities, in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Sample XML configuration documents 

Appendix B, Identity Synchronization for Windows LinkUsers XML Document Sample, in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Configuring multiple Windows domains and using Synchronization User Lists (SULs) 

Appendix D, Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows, in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Synchronizing users in a single replicated suffix 

Appendix E, Identity Synchronization for Windows Installation Notes for Replicated Environments, in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Group synchronization 

Configure Identity Synchronization for Windows to Detect and Synchronize Groups Related Changes between Directory Server and Active Directory in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide